chore: add security scanning and enforce no-npx rule

- Add ecc-agentshield as pinned devDep for Claude Code config scanning
- Add `pnpm run security` script (agentshield + zizmor)
- Add /security-scan command for Claude
- Add npx/dlx/yarn-dlx check to pre-commit hook
- Add NEVER npx/dlx rule to CLAUDE.md ABSOLUTE RULES
- Remove dead .husky/security-checks.sh (duplicate of .git-hooks/pre-commit)

Author: jdalton

.claude/commands/security-scan.md

@@ -0,0 +1,22 @@
+Run a security scan of the project via `pnpm run security`, or manually:
+
+## 1. Claude Code configuration security
+
+Run `pnpm exec agentshield scan` to check `.claude/` for:
+- Hardcoded secrets in CLAUDE.md and settings
+- Overly permissive tool allow lists (e.g. `Bash(*)`)
+- Prompt injection patterns in agent definitions
+- Command injection risks in hooks
+- Risky MCP server configurations
+
+## 2. GitHub Actions workflow security
+
+Run `zizmor .github/` to scan all workflows for:
+- Unpinned actions (should use full SHA, not tags)
+- Secrets used outside `env:` blocks
+- Injection risks from untrusted inputs
+- Overly permissive permissions
+
+If zizmor is not installed, skip with a message. Install via `brew install zizmor` or see https://docs.zizmor.sh/installation/.
+
+Report all findings with severity levels. Fix CRITICAL and HIGH findings immediately.

.git-hooks/pre-commit

@@ -112,6 +112,24 @@ for file in $STAGED_FILES; do
   fi
 done
 
+# Check for npx/dlx usage (use pnpm exec or pnpm run instead).
+printf "Checking for npx/dlx usage...\n"
+for file in $STAGED_FILES; do
+  if [ -f "$file" ]; then
+    # Skip node_modules, lockfiles, and this hook itself.
+    if echo "$file" | grep -qE 'node_modules/|pnpm-lock\.yaml|\.git-hooks/'; then
+      continue
+    fi
+
+    if grep -nE '\bnpx\b|\bpnpm dlx\b|\byarn dlx\b' "$file" 2>/dev/null | grep -v '# zizmor:' | grep -q .; then
+      printf "${RED}✗ ERROR: npx/dlx usage found in: $file${NC}\n"
+      grep -nE '\bnpx\b|\bpnpm dlx\b|\byarn dlx\b' "$file" | grep -v '# zizmor:' | head -3
+      printf "Use 'pnpm exec <package>' or 'pnpm run <script>' instead.\n"
+      ERRORS=$((ERRORS + 1))
+    fi
+  fi
+done
+
 if [ $ERRORS -gt 0 ]; then
   printf "\n"
   printf "${RED}✗ Security check failed with $ERRORS error(s).${NC}\n"

.husky/security-checks.sh

@@ -69,6 +69,7 @@
 - Always prefer editing existing files
 - Forbidden to create docs unless requested
 - Required to do exactly what was asked
+- 🚨 **NEVER use `npx`, `pnpm dlx`, or `yarn dlx`** — use `pnpm exec <package>` for devDep binaries, or `pnpm run <script>` for package.json scripts. If a tool is needed, add it as a pinned devDependency first.
 
 ## ROLE
 

CLAUDE.md

@@ -0,0 +1,31 @@
+{
+  "zizmor": {
+    "description": "GitHub Actions security linter",
+    "type": "github-release",
+    "repository": "zizmorcore/zizmor",
+    "version": "1.23.1",
+    "binary": "zizmor",
+    "assets": {
+      "darwin-arm64": {
+        "asset": "zizmor-aarch64-apple-darwin.tar.gz",
+        "sha256": "2632561b974c69f952258c1ab4b7432d5c7f92e555704155c3ac28a2910bd717"
+      },
+      "darwin-x64": {
+        "asset": "zizmor-x86_64-apple-darwin.tar.gz",
+        "sha256": "89d5ed42081dd9d0433a10b7545fac42b35f1f030885c278b9712b32c66f2597"
+      },
+      "linux-arm64": {
+        "asset": "zizmor-aarch64-unknown-linux-gnu.tar.gz",
+        "sha256": "3725d7cd7102e4d70827186389f7d5930b6878232930d0a3eb058d7e5b47e658"
+      },
+      "linux-x64": {
+        "asset": "zizmor-x86_64-unknown-linux-gnu.tar.gz",
+        "sha256": "67a8df0a14352dd81882e14876653d097b99b0f4f6b6fe798edc0320cff27aff"
+      },
+      "win32-x64": {
+        "asset": "zizmor-x86_64-pc-windows-msvc.zip",
+        "sha256": "33c2293ff02834720dd7cd8b47348aafb2e95a19bdc993c0ecaca9c804ade92a"
+      }
+    }
+  }
+}

external-tools.json

@@ -40,6 +40,8 @@
     "package-npm-publish": "node scripts/npm/publish-npm-packages.mjs",
     "perf": "node scripts/perf.mjs",
     "precommit": "pnpm run check --staged",
+    "security": "agentshield scan && { command -v zizmor >/dev/null && zizmor .github/ || echo 'zizmor not installed — run pnpm run setup to install'; }",
+    "setup": "node scripts/setup.mjs",
     "prepare": "husky && pnpm run build",
     "prepublishOnly": "echo 'ERROR: Use GitHub Actions workflow for publishing' && exit 1",
     "publish": "node scripts/publish.mjs",
@@ -91,6 +93,7 @@
     "del-cli": "catalog:",
     "dev-null-cli": "catalog:",
     "didyoumean2": "catalog:",
+    "ecc-agentshield": "catalog:",
     "esbuild": "catalog:",
     "eta": "catalog:",
     "fast-glob": "catalog:",